Thanks, Misagh.
The addons seems interesting (we use 1.1 with CAS 3.5.2.1, so itd represent an upgrade), however the SP has stated that they explicitly look for samlp, so we will look for the next CAS release, but not before trying to punt it to the SP. Best regards, -- Carlos. From: Misagh Moayyed [mailto:[email protected]] Sent: Wednesday, 12 November, 2014 15:08 To: [email protected] Subject: RE: [cas-user] SAML 1.1 assertion XML namespace There is also this which might point you to the right direction: https://github.com/Unicon/cas-addons/wiki/Disabling-SAML-namespaces-from-a ssertions From: Misagh Moayyed [mailto:[email protected]] Sent: Wednesday, November 12, 2014 1:05 PM To: [email protected] Subject: RE: [cas-user] SAML 1.1 assertion XML namespace Best think you can do is to ask the SP to make the change on their end. This is not an easy feat to take care of on your side, and would require some extensive mods perhaps to make this work and make it be a per-RP thing. There is pending pull right now that makes this sort of thing easier for the next CAS release. If you end up making the change, you may want to use that as a starting point. From: Carlos Fernandez [mailto:[email protected]] Sent: Wednesday, November 12, 2014 12:06 PM To: [email protected] Subject: [cas-user] SAML 1.1 assertion XML namespace Good afternoon, We have a service provider with whom were trying to set up SAML 1.1 SSO to our CAS server. After a lot of going back and forth, weve reached a point where they finally can validate the SAML artifact and get a response from /samlValidate (we knew it worked on our end since we have other apps using SAML). Now they say that they cant process the SAML assertion in the response since CAS sends it using the saml1p namespace, while their code expects samlp. Now, this leads me to believe that theyre not using a standard XML parser but instead hacked a custom parser. Before I go and tell them to fix their parser, Id like to see if I can do something easy on my end to make CAS spit out a different namespace in the assertion. I noticed that the namespace comes from the SAMLConstants class in the OpenSAML jar, however I cannot yet figure out how it gets to CAS my guess is in AbstractSaml10ResponseView.java through the OpenSAML Response class. Will any of this be worthwhile? Im not sure its recommended its set as a constant in OpenSAML for a reason, I suppose. Id like to tell the service provider to fix their code, which theyve already done for other things (e.g., overloading the TARGET parameter for something unrelated to SAML). What would you suggest? Thanks in advance, -- Carlos M. Fernández Enterprise Systems Manager Saint Josephs University Philadelphia PA 19131 T: +1 610 660 1501 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
